57 lines
1.7 KiB
Text
57 lines
1.7 KiB
Text
---
|
|
# Define resources for this group of hosts here.
|
|
# Block some ips that are using too mauch resources
|
|
custom_rules: [
|
|
'-A INPUT -s 81.69.171.38/32 -j REJECT',
|
|
'-A INPUT -s 175.24.248.206/32 -j REJECT',
|
|
'-A INPUT -s 47.76.209.138/32 -j REJECT',
|
|
'-A INPUT -s 47.76.99.127/32 -j REJECT'
|
|
]
|
|
nft_custom_rules:
|
|
- 'add rule ip filter INPUT ip saddr 81.69.171.38 counter reject'
|
|
- 'add rule ip filter INPUT ip saddr 175.24.248.206 counter reject'
|
|
- 'add rule ip filter INPUT ip saddr 47.76.0.0/14 counter reject'
|
|
- 'add rule ip filter INPUT ip saddr 47.80.0.0/13 counter reject'
|
|
- 'add rule ip filter INPUT ip saddr 47.74.0.0/15 counter reject'
|
|
# For the MOTD
|
|
db_backup_dir: ['/backups']
|
|
dbs_to_backup: ['pagure']
|
|
env: pagure
|
|
freezes: true
|
|
host_backup_targets: ['/srv/git', '/var/www/releases']
|
|
ipa_client_shell_groups:
|
|
- sysadmin-noc
|
|
- sysadmin-web
|
|
- sysadmin-veteran
|
|
ipa_client_sudo_groups:
|
|
- sysadmin-web
|
|
ipa_host_group: pagure
|
|
ipa_host_group_desc: Pagure GIT Forge
|
|
lvm_size: 750000
|
|
max_mem_size: 131072
|
|
mem_size: 65536
|
|
num_cpus: 48
|
|
postfix_group: vpn.pagure
|
|
primary_auth_source: ipa
|
|
sshd_config: ssh/sshd_config.pagure
|
|
sshd_keyhelper: true
|
|
stunnel_destination_port: :::8080
|
|
stunnel_service: "eventsource"
|
|
stunnel_source_port: 8088
|
|
# for systems that do not match the above - specify the same parameter in
|
|
# the host_vars/$hostname file
|
|
tcp_ports: [22, 25, 80, 443, 8442, 8443, 8444, 8445,
|
|
# Used for the eventsource
|
|
8088]
|
|
vpn: true
|
|
|
|
notes: |
|
|
Run the pagure instances for fedora
|
|
|
|
There are a few things running here:
|
|
* The apache/mod_wsgi app for pagure
|
|
* This host relies on:
|
|
* A postgres db server running locally
|
|
|
|
Things that rely on this host:
|
|
* nothing currently
|